/ PikaBot: a Guide to its Deep Secrets and Operations
PikaBot is a malware loader... several sources reported that successful PikaBot compromises led to the deployment of the Black Basta ransomware...
This article provides an in-depth analysis of PikaBot, focusing on its anti-analysis techniques implemented in the different malware stages. Additionally, this report shares technical details on PikaBot C2 infrastructure:
https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/
PikaBot is a malware loader... several sources reported that successful PikaBot compromises led to the deployment of the Black Basta ransomware...
This article provides an in-depth analysis of PikaBot, focusing on its anti-analysis techniques implemented in the different malware stages. Additionally, this report shares technical details on PikaBot C2 infrastructure:
https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/
Sekoia.io Blog
PikaBot: a Guide to its Deep Secrets and Operations
Uncover an in-depth analysis of PikaBot, a malware loader used by Initial Access Brokers for network compromise and ransomware deployment.
/ Muhstik Malware Targets Message Queuing Services Applications
https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/
https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/
Aqua
Muhstik Malware Targets Message Queuing Services Applications
Aqua Nautilus has uncovered a new Muhstik malware campaign targeting message queuing services by exploiting a vulnerability in RocketMQ.
/ 1/6 | How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension
https://medium.com/@amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7
https://medium.com/@amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7
www.koi.ai
1/6 | How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension | Koi Blog
/ Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30080
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30080
/ FortiOS RCE
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the command line interpreter of FortiOS may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments:
https://www.fortiguard.com/psirt/FG-IR-23-460
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the command line interpreter of FortiOS may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments:
https://www.fortiguard.com/psirt/FG-IR-23-460
FortiGuard Labs
PSIRT | FortiGuard Labs
None
Аутлук или Оутглюк? Ясно одно - открыв письмо из него можно словить два эффекта одновременно: Critical Microsoft Outlook Vulnerability Executes as Email is Opened (CVE-2024-30103)
The CVE-2024-30103 vulnerability is particularly concerning due to its high probability of exploitation. It is a zero click vulnerability which does not require the user to interact with the content of a malicious email, making it extremely simple to execute:
https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability
The CVE-2024-30103 vulnerability is particularly concerning due to its high probability of exploitation. It is a zero click vulnerability which does not require the user to interact with the content of a malicious email, making it extremely simple to execute:
https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability
Morphisec
You’ve Got Mail: Critical Microsoft Outlook Vulnerability CVE-2024-30103 Executes as Email is Opened
Morphisec researchers have identified a critical Microsoft Outlook vulnerability, CVE-2024-30103, and detail its technical impact and recommended actions.
/ AutoIt Delivering Vidar Stealer Via Drive-by Downloads
Dangerous KMSPico activator tool..:
https://www.esentire.com/blog/autoit-delivering-vidar-stealer-via-drive-by-downloads
Dangerous KMSPico activator tool..:
https://www.esentire.com/blog/autoit-delivering-vidar-stealer-via-drive-by-downloads
eSentire
AutoIt Delivering Vidar Stealer Via Drive-by Downloads
Learn more about Vidar Stealer malware being delivered through drive-by downloads and get security recommendations from our Threat Response Unit (TRU) to…
/ lnav – Awesome terminal log file viewer for Linux and Unix
https://www.cyberciti.biz/open-source/lnav-linux-unix-ncurses-terminal-log-file-viewer/
https://www.cyberciti.biz/open-source/lnav-linux-unix-ncurses-terminal-log-file-viewer/
nixCraft
lnav – Awesome terminal log file viewer for Linux and Unix
Learn how to install and use lnav a powerful terminal-based log file viewer for Linux/Unix to efficiently navigate, search, and analyze logs.
/ D-Link router - Hidden Backdoor
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware:
https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware:
https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html
/ Backdoor BadSpace delivered by high-ranking infected websites
There is a tendency to infect WordPress websites and to inject the malicious code to the JavaScript libraries like jQuery or in the index page.
..The PowerShell code silently downloads the BadSpace backdoor and after ten seconds it executes the downloaded file using rundll32.exe..:
https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
There is a tendency to infect WordPress websites and to inject the malicious code to the JavaScript libraries like jQuery or in the index page.
..The PowerShell code silently downloads the BadSpace backdoor and after ten seconds it executes the downloaded file using rundll32.exe..:
https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
Gdatasoftware
BadSpace: Backdoor hides in fake software update
Imagine visiting your favorite website with the same address that you always use and it tells you that your browser needs an update. After downloading and executing the update, there's an unwelcome surprise: the BadSpace backdoor. What is this new threat…
/ New Diamorphine rootkit variant seen undetected in the wild
https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/
https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/
Gendigital
New Diamorphine rootkit variant seen undetected in the wild
Advanced Features of New Diamorphine
/ Cloaked and Covert: Uncovering UNC3886 Espionage Operations
After exploiting zero-day vulnerabilities to gain access to vCenter servers and subsequently managed ESXi servers, the actor obtained total control of guest virtual machines that shared the same ESXi server as the vCenter server..:
https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations
After exploiting zero-day vulnerabilities to gain access to vCenter servers and subsequently managed ESXi servers, the actor obtained total control of guest virtual machines that shared the same ESXi server as the vCenter server..:
https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations
Google Cloud Blog
Cloaked and Covert: Uncovering UNC3886 Espionage Operations | Google Cloud Blog
UNC3886 uses several layers of organized persistence to maintain access to compromised environments over time.
/
...part of a business email compromise (BEC) phishing campaign:
https://any.run/cybersecurity-blog/phishing-incident-report/
Any.Run - Phishing Incident Report: Facts and Timeline ...part of a business email compromise (BEC) phishing campaign:
https://any.run/cybersecurity-blog/phishing-incident-report/
ANY.RUN's Cybersecurity Blog
Phishing Incident Report: Facts and Timeline - ANY.RUN's Cybersecurity Blog
We are providing the first results of our investigation into the recent incident and share a full account of the events with our community.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)
OpenBLD.net Preventing: - Polyfill supply chain attack (hits 100K+ sites)
The
All IoC sent to💪
Attack details:
https://sansec.io/research/polyfill-supply-chain-attack
The
polyfill.js is a popular open source library to support older browsers. 100K+ sites embed it using the cdn.polyfill.io domain...All IoC sent to
OpenBLD.net ecosystem Attack details:
https://sansec.io/research/polyfill-supply-chain-attack
Please open Telegram to view this post
VIEW IN TELEGRAM
/ The Growing Threat of Malware Concealed Behind Cloud Services
- Affected Platforms: Linux Distributions
- Impacted Users: Any organization
- Impact: Remote attackers gain control of the vulnerable systems
- Severity Level: High
Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers, such as VCRUMS stored on AWS or SYK Crypter distributed via DriveHQ. This shift in strategy presents significant challenges for detection and prevention, as cloud services provide scalability, anonymity, and resilience that traditional hosting methods lack..:
https://www.fortinet.com/blog/threat-research/growing-threat-of-malware-concealed-behind-cloud-services
- Affected Platforms: Linux Distributions
- Impacted Users: Any organization
- Impact: Remote attackers gain control of the vulnerable systems
- Severity Level: High
Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers, such as VCRUMS stored on AWS or SYK Crypter distributed via DriveHQ. This shift in strategy presents significant challenges for detection and prevention, as cloud services provide scalability, anonymity, and resilience that traditional hosting methods lack..:
https://www.fortinet.com/blog/threat-research/growing-threat-of-malware-concealed-behind-cloud-services
Fortinet Blog
The Growing Threat of Malware Concealed Behind Cloud Services
Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers. Over the past month, FortiGuard Labs has been monitoring botne…
/ GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5
- Run pipelines as any user
- Private job artifacts can be accessed by any user
- Denial of service using a crafted OpenAPI file
- and more..
https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/
- Run pipelines as any user
- Private job artifacts can be accessed by any user
- Denial of service using a crafted OpenAPI file
- and more..
https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/
GitLab
GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5
Learn more about GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
Qualys
OpenSSH CVE-2024-6387 RCE Vulnerability: Risk & Mitigation | Qualys
CVE-2024-6387 exploit in OpenSSH poses remote unauthenticated code execution risks. Find out which versions are vulnerable and how to protect your systems.
/ Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
...Such an attack on the mobile app ecosystem could infect almost every Apple device, leaving thousands of organizations vulnerable to catastrophic financial and reputational damage. One of the vulnerabilities could also enable zero day attacks against the most advanced and secure organizations’ infrastructure..:
https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
...Such an attack on the mobile app ecosystem could infect almost every Apple device, leaving thousands of organizations vulnerable to catastrophic financial and reputational damage. One of the vulnerabilities could also enable zero day attacks against the most advanced and secure organizations’ infrastructure..:
https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
www.evasec.io
Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications | E.V.A
Multiple vulnerabilities affecting the CocoaPods ecosystem, have been discovered, posing a major risk of supply chain attacks.
/ CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers...
The new versions of CapraRAT each use WebView to launch a URL to either YouTube or a mobile gaming site, CrazyGames[.]com. There is no indication that an app with the same name, Crazy Games, is weaponized as it does not require several key CapraRAT permissions, such as sending SMS, making calls, accessing contacts, or recording audio and video..:
https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/
The new versions of CapraRAT each use WebView to launch a URL to either YouTube or a mobile gaming site, CrazyGames[.]com. There is no indication that an app with the same name, Crazy Games, is weaponized as it does not require several key CapraRAT permissions, such as sending SMS, making calls, accessing contacts, or recording audio and video..:
https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/
SentinelOne
CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts
SentinelLABS has identified four new CapraRAT APKs associated with suspected Pakistan state-aligned actor Transparent Tribe.